Information security management is the process of defining security controls to protect information assets. The first step in a management plan for enforcing information security is to have a security program.

The general principles of information security:

The three basic principles of security are availability, integrity and confidentiality, typically referred to as the CIA triad or AIA; they are also the main purpose of any security program. The level of security required to fulfill these principles is different for each company, because each has a unique combination of business and security goals and requirements.

Provide a solution for security activities by building information security policies, methods, standards and guidelines.

Classification of information

Security Organization

Security training

Security controls:

Security controls can be categorized into three groups:

Administrative controls that include:

Develop and publish policies, standards, procedures and guidelines.

Screening employees

Conducting security awareness training

Implementation of change control methods.

Technical and logical controls that include:

Implementation and maintenance of access control mechanisms.

Password and resource management

Identification and authentication method

Security devices

Configuring infrastructure

Physical controls include:

Controlling individuals' access to the various facilities and offices

Locking systems and removing unnecessary floppy or CD-ROM drives

Protecting the factory environment

Monitoring for intrusion

Environmental control

Security elements:

Vulnerability:

A vulnerability is a weakness in software, hardware, or procedure that may give an attacker the opening they are looking for to enter a computer or network and gain unauthorized access to resources in the environment.

A vulnerability indicates the absence or weakness of a protection, which can be exploited.

For example: a service running on a server, unwanted applications or operating system software, unrestricted modem dial-in access, open ports in the firewall, weak physical security, etc.

Threat:

Any potential danger to information or systems.

The threat is the possibility that someone or something (an individual or software) will identify and exploit the vulnerability.

The entity that exploits a vulnerability is known as a threat agent. For example: a threat agent can be an intruder accessing the network through a port in the firewall.

Risk:

Risk is the likelihood of a threat agent exploiting a vulnerability, together with the resulting business impact.

Reduce the vulnerability and/or reduce the risk.

For example: If the firewall has multiple open ports, it is more likely that an attacker will use one to access the network in an unauthorized manner.

Exposure:

An exposure is an instance of being exposed to damage from a threat agent.

A vulnerability exposes an organization to potential damage.

For example: If password management is weak and password rules are not enforced, the company is exposed to the possibility of having user passwords used in an unauthorized manner.

Countermeasure or protection:

This is a software or hardware program or setting, or a method, that reduces the risk.

For example: If a company has anti-virus software but does not keep the virus signatures up to date, that is a vulnerability. The company is vulnerable to virus attacks.

The threat is that a virus will appear in the environment and disrupt production.

The likelihood of the virus appearing and taking hold in the environment is the risk.

If a virus infiltrates the environment, the vulnerability is exploited and the company is exposed.

The countermeasures in this situation are updating the signatures and installing antivirus software on computers.

A threat agent gives rise to a threat, which exploits a vulnerability.

This can damage assets and cause an exposure, which is countered through protection.
